The only use for this is to save wear and tear on my keyboard when I need to come up with some sort of random string to use for a user password. Note this is the password that I would give them, not the encrypted password that one might find in /etc/passwd or /etc/shadow. It just looks like gibberish. I'd simply call it a finger exercise to see if I could do it all in one line (it's possible with commandline parameters to feed into the crypt() function). I just decided to use a string out of localtime().
#! /usr/local/bin/perl -w
use strict;
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdat)=localtime;
print "Password: " . reverse(substr(crypt((($sec+$min+$hour+$mday+$mon
    +$year+$wday+$yday+$isdat) * $< / $)),rand($$)),2,9)) . "\n";

Re: Random String Generator
by Aristotle (Chancellor) on Jun 03, 2003 at 23:41 UTC
    Ugh. I had to deparse it to see the forest for all those parens (hacker's version is even worse). What purpose does reversing an already random string serve? It doesn't contribute any randomness. Not to mention you're calling reverse in list context but with only one parameter, so effectively it's not even doing anything at all.
    #!/usr/bin/perl -w
    use strict;
    use English '-no_match_vars';
    my $sum = 0;
    $sum += $_ for localtime;
    print substr(crypt($sum * $UID / $EGID, rand $PID), 2, 9);
    Generally it seems like you're just trying to throw as much "random stuff" into the pile as possible - but it's not really contributing anything. For high quality random data rendered as a typeable string I'd just dump a bunch of bytes from /dev/urandom and uu- or base64-encode them.

    Makeshifts last the longest.
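
The /dev/urandom plus base64 approach suggested in the post above, written out as an added example (not code from the thread). The function names, the 9-byte default and the switch to the URL-safe base64 alphabet are choices made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);

# Read exactly $n bytes from the kernel CSPRNG. Die on any failure
# rather than falling back to rand(), which is not suitable for secrets.
sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        my $got = read($fh, $buf, $n - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom"    if $got == 0;
    }
    close $fh;
    return $buf;
}

# 9 random bytes carry 72 bits of entropy and base64-encode to exactly
# 12 characters with no '=' padding, because 9 is a multiple of 3.
sub random_password {
    my ($nbytes) = @_;
    $nbytes = 9 unless defined $nbytes;
    my $pw = encode_base64(random_bytes($nbytes), '');  # '' = no newline
    $pw =~ tr{+/}{-_};  # URL-safe alphabet, friendlier to shells and forms
    return $pw;
}

print "Password: ", random_password(), "\n";
```

Every output character here comes from the kernel's random pool, whereas the original one-liner derives its crypt() key from the clock and the caller's UID and GID.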

      Generally it seems like you're just trying to throw as much "random stuff" into the pile as possible - but it's not really contributing anything.

      Indeed. This reminds me of Donald Knuth's Algorithm K, the "super-random" number generator. He develops a complex 13-stage algorithm that is "intended to be so complicated that a person reading a listing of it without explanatory comments wouldn't know what the program was doing".

      Sadly, the first time it was iterated, using the function's output as its input, it immediately converged on a single value. Trying other initial values produced the same result. Reflecting upon this, Knuth wrote:

      "...random numbers should not be generated with a method chosen at random. Some theory should be used." (Seminumerical Algorithms, Chapter 3.1).

      _____________________________________________
      Come to YAPC::Europe 2003 in Paris, 23-25 July 2003.

      The reverse() is a holdover from an earlier incarnation where a string and seed were fed at the commandline. I noted that the seed became the first character in the string, which is why I reversed it. There is much less of a need for that now.

      "Ex libris un peut de tout"

Re: Random String Generator
by hacker (Priest) on Jun 03, 2003 at 18:48 UTC
    A slight bit of refactoring:
    my @v = my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdat) = localtime;
    printf "Password: %s\n", reverse(substr(crypt(((add()) * $< / $)), rand($$)), 2,9));
    sub add { my $v += $_ for @v; }
      Maybe it's my version of Perl, but I ended up having to run that subroutine as:

      sub add { foreach (<@v>) { my $v += $_; } }

      "Ex libris un peut de tout"

Re: Random String Generator
by halley (Prior) on Jun 04, 2003 at 14:48 UTC

    Truly gibberish passwords are the first things to get written on PostIt™ notes and stuck to the keyboard. It may be useful for the "initial one-time password" before a user is required to change it, but it's not a good idea to enforce incomprehensible passwords.

    If I ever have to create a random password generator, I would hope to develop it to generate memorable yet strong passwords. The kind of passwords I recommend to newcomers.

    • Pick a sentence or sentence fragment from a large library, or piece together a memorable sentence from a fuzz-generator table.
    • Show the sentence to the user.
    • Randomly ucfirst or lcfirst each word.
    • Remove any script-problematic punctuation (if any).
    • Randomly remove most of the remaining punctuation.
    • Randomly replace some Ells and Ohs with Ones and Zeros.
    • Show the modified sentence to the user, initials in red.
    • Assign the initials as the password.
    Freedom is under attack --George W. Bush
    freedom 1s under Attack --george w. Bush
    Password: f1uAgw.B

    --
    [ e d @ h a l l e y . c c ]
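
The procedure listed in the post above, as an added example (not code from the thread). It takes the sentence as given, so choosing one from a library is left to the caller; the set of "script-problematic" characters and the probabilities used for "most" and "some" are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# All coin flips come from the kernel CSPRNG, not rand().
open my $URANDOM, '<:raw', '/dev/urandom'
    or die "cannot open /dev/urandom: $!";

# True with probability $n/256, decided by one random byte.
sub chance {
    my ($n) = @_;
    my $byte;
    (read($URANDOM, $byte, 1) // 0) == 1 or die "short read from /dev/urandom";
    return ord($byte) < $n;
}

my %DIGIT = (l => '1', L => '1', o => '0', O => '0');

# Apply the per-word steps to a sentence; returns the modified words.
sub mangle {
    my ($sentence) = @_;
    my @words;
    for (split ' ', $sentence) {
        my $w = $_;
        # Randomly upper- or lower-case the first letter of the word.
        $w =~ s/([[:alpha:]])/chance(128) ? uc($1) : lc($1)/e;
        # Always drop punctuation that causes trouble in scripts (assumed set).
        $w =~ tr{`'"\\$|;&<>*?!}{}d;
        # Drop most (about 3 in 4) of the punctuation that is left.
        $w =~ s/([[:punct:]])/chance(192) ? '' : $1/ge;
        # Turn some (about 3 in 8) Ells and Ohs into ones and zeros.
        $w =~ s/([lLoO])/chance(96) ? $DIGIT{$1} : $1/ge;
        push @words, $w if length $w;
    }
    return @words;
}

# Password = surviving punctuation plus the first non-punctuation
# character of each word.
sub initials {
    my @out;
    for my $w (@_) {
        my $seen = 0;
        push @out, grep { /[[:punct:]]/ or !$seen++ } split //, $w;
    }
    return join '', @out;
}

my $sentence = 'Freedom is under attack --George W. Bush';  # from the post
my @words    = mangle($sentence);
print "Original: $sentence\n", "Modified: @words\n";
print "Password: ", initials(@words), "\n";
```

Each run produces a different modified sentence and password from the same input.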

      That's a good point about. We actually change the passwords on the user once a month. This is not for your typical user access to a network or system.

      "Ex libris un peut de tout"

      freedom 1s under Attack --george w. Bush
      Password: f1uAgw.B

      I bet many Monks will now change their password to Japh,\n

      If I ever have to create a random password generator, I would hope to develop it to generate memorable yet strong passwords.

      You mean like the ones that Crypt::PassGen and pwgen create?

      Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

        No, I said strong passwords. From Crypt::PassGen: "This module should not be used for high security applications (such as user accounts) since it returns passwords that are not mixed case, have no punctuation and no letters [sic]. This word can be used as a basis for a more secure password." Anything can be used as a basis for more security.

        The lack of ANY discussion on pwgen's sourceforge project site or home page leads me to dismiss it. I'm not going to go slogging through their source code to determine their methods and analyze whether it's strong or weak-- at least, not until I hear their own analysis and agree with their executive summary of proper security methodology.

        --
        [ e d @ h a l l e y . c c ]